🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our SQL Injection firewall rule

3,020,253

Attacks Blocked in Past 24 Hours

Showing 941-960 of 1,281 Vulnerabilities

Demon image annotation <= 5.3 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-40215

Aug 10, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Database Administrator <= 1.0.3 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-3211

Jul 24, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WPML String Translation <= 3.2.5 - Authenticated (Administrator+) SQL Injection via 'context'

7.2

CVE ID Unknown

Jul 24, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Onepage Builder – Easiest Landing Page Builder For WordPress <= 2.4.1 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-38391

Jul 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Contact Form to Any API <= 1.1.2 - Authenticated (Administrator+) SQL Injection via 'form_id'

7.2

CVE-2023-32741

Jul 17, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

FluentForm <= 4.3.25 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-24410

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

RSVPMaker <= 10.5.4 - Authenticated (Administrator+) SQL Injection via 'resend'

7.2

CVE-2023-29095

Jul 5, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Contact Form to DB by BestWebSoft <= 1.7.1 - Authenticated (Administrator+) SQL Injection via 's'

7.2

CVE-2023-36508

Jun 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id

7.2

CVE-2023-2188

Jun 22, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP EasyCart <= 5.4.10 - Authenticated (Administrator+) SQL Injection via 'orderby'

7.2

CVE-2023-3023

Jun 8, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-34179

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Report Post <= 2.1.2 - Authenticated (Editor+) SQL Injection

7.2

CVE-2023-34168

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Portfolio Gallery – Photo Gallery <= 1.1.8 - Authenticated (Admin+) SQL Injection

7.2

CVE-2014-125101

May 27, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

QueryWall <= 1.1.1 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-2492

May 26, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WooCommerce Follow-Up Emails <= 4.9.50 - Authenticated (Follow-up emails manager+) SQL Injection

7.2

CVE-2023-33330

May 24, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection

7.2

CVE-2023-33331

May 24, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SIS Handball <= 1.0.45 - Authenticated (Administrator+) SQL Injection via 'orderby'

7.2

CVE-2023-33924

May 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Multiple Page Generator Plugin – MPG <= 3.3.19 - Authenticated (Administrator+) SQL Injection in projects_list and total_projects

7.2

CVE-2023-33927

May 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SupportCandy <= 3.1.6 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-2805

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.3 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-2527

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Demon image annotation <= 5.3 - Authenticated (Administrator+) SQL Injection	CVE-2023-40215	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
WordPress Database Administrator <= 1.0.3 - Authenticated (Administrator+) SQL Injection	CVE-2023-3211	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 24, 2023
WPML String Translation <= 3.2.5 - Authenticated (Administrator+) SQL Injection via 'context'		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 24, 2023
Onepage Builder – Easiest Landing Page Builder For WordPress <= 2.4.1 - Authenticated (Administrator+) SQL Injection	CVE-2023-38391	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 20, 2023
Contact Form to Any API <= 1.1.2 - Authenticated (Administrator+) SQL Injection via 'form_id'	CVE-2023-32741	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 17, 2023
FluentForm <= 4.3.25 - Authenticated (Administrator+) SQL Injection	CVE-2023-24410	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 12, 2023
RSVPMaker <= 10.5.4 - Authenticated (Administrator+) SQL Injection via 'resend'	CVE-2023-29095	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 5, 2023
Contact Form to DB by BestWebSoft <= 1.7.1 - Authenticated (Administrator+) SQL Injection via 's'	CVE-2023-36508	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	June 23, 2023
Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id	CVE-2023-2188	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	June 22, 2023
WP EasyCart <= 5.4.10 - Authenticated (Administrator+) SQL Injection via 'orderby'	CVE-2023-3023	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	June 8, 2023
Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection	CVE-2023-34179	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 30, 2023
WP Report Post <= 2.1.2 - Authenticated (Editor+) SQL Injection	CVE-2023-34168	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 30, 2023
Portfolio Gallery – Photo Gallery <= 1.1.8 - Authenticated (Admin+) SQL Injection	CVE-2014-125101	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 27, 2023
QueryWall <= 1.1.1 - Authenticated (Administrator+) SQL Injection	CVE-2023-2492	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 26, 2023
WooCommerce Follow-Up Emails <= 4.9.50 - Authenticated (Follow-up emails manager+) SQL Injection	CVE-2023-33330	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 24, 2023
WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection	CVE-2023-33331	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 24, 2023
SIS Handball <= 1.0.45 - Authenticated (Administrator+) SQL Injection via 'orderby'	CVE-2023-33924	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 23, 2023
Multiple Page Generator Plugin – MPG <= 3.3.19 - Authenticated (Administrator+) SQL Injection in projects_list and total_projects	CVE-2023-33927	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 23, 2023
SupportCandy <= 3.1.6 - Authenticated (Admin+) SQL Injection	CVE-2023-2805	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 22, 2023
Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.3 - Authenticated (Admin+) SQL Injection	CVE-2023-2527	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 22, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation